General

  • Target

    9edcd7efb2caf50e8650398ca74970d0

  • Size

    5.0MB

  • Sample

    220720-h5htxadedn

  • MD5

    9edcd7efb2caf50e8650398ca74970d0

  • SHA1

    5fdc65fe0c94fc165005fa55a49a932126ff2c69

  • SHA256

    dc3b03cd6306920cfad9e22cc2900b2f99f0eb285bdbf9efe9cd42c8937be8d4

  • SHA512

    e04f766bf4a6c602b1ca55fc83d696264df1ec43c1e831e1e3c5f74e64f8f81f3714ed3302fea1eafafefcae01bbddf90ba3e48fd050680237e5ad5a21f54244

Malware Config

Targets

    • Target

      9edcd7efb2caf50e8650398ca74970d0

    • Size

      5.0MB

    • MD5

      9edcd7efb2caf50e8650398ca74970d0

    • SHA1

      5fdc65fe0c94fc165005fa55a49a932126ff2c69

    • SHA256

      dc3b03cd6306920cfad9e22cc2900b2f99f0eb285bdbf9efe9cd42c8937be8d4

    • SHA512

      e04f766bf4a6c602b1ca55fc83d696264df1ec43c1e831e1e3c5f74e64f8f81f3714ed3302fea1eafafefcae01bbddf90ba3e48fd050680237e5ad5a21f54244

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3232) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1255) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks